Prevent SSL on subdomains - ruby-on-rails

I have my main app (Ruby on Rails) hosted with Heroku, DNS managed by DNSimple. It is served using SSL with a wildcard certificate. myapp.com and www.myapp.com, both work correctly.
The issue starts when I try and direct some subdomains to other services. For example, I want blog.myapp.com to point to our instance of Ghost.org. I am also trying to point data.myapp.com to a different Heroku app that we use for reporting purposes.
I don't need/want either of these subdomains to use SSL but it seems no matter what I try, that they try and fail to load the HTTPS version.
To be honest, I'm confused where this is being triggered from. Where should I be altering the configuration? My Rails app, Heroku, DNSimple, the SSL cert, somewhere else entirely?

I have managed to solve this issue by clearing the browser cache on my machine.
I'm not sure what caused it to force SSL to begin with, but the current configuration seems to now be working.

Related

405 not allowed nginx, CORS? Nginx config? Or something else?

Working on an app built using Ember.js and Rails.
Authentication is being done with ember-simple-auth using Oauth2.
I am able to log in to my app locally in my development environment, but as soon as I try to log in on my production server (through Heroku) I start receiving an nginx 405 Not Allowed status code.
First thing I thought was maybe it is my request headers / CORS. I am using rack-cors gem on my rails side and configured it based directly off the readme example. Here is my application.rb
Researching, I found the same problem with the solution being to configure Nginx side of things, but I figured since that is being handled by heroku I wasn't really sure if that was where I need to make my changes.
Let me know if there are any other files/info that could help.
What is the best way to debug this problem?
Try using this first to rule out CORS:
https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi
Does the route work locally when you use Postman or a similar tool?
Are you requesting HTML or JSON?

Rails set protocol to always HTTP

I am running a Rails app inside of Vagrant. I am trying to run my app in QA mode to reflect my deployment environment. I am doing SSL termination at the load balancer in my QA environment, so I'd like to be able to run my Rails app only over http, no https anywhere.
I am using Devise for user authentication. I can load my app just fine, but when I log in, devise always wants to redirect onto https. I can't seem to get it to behave differently. I've pinged the devise maintainers for help but they didn't have any insight to share.
I've tried setting config.force_ssl = false but that doesn't seem to make a difference.
I am running the app under Unicorn, proxying to nginx. Any insight would be appreciated!
I think adding something like this to application.rb might prevent the issue:
# Set the protocol on every place Rails and Devise build URLs from.
[
  config.action_controller.default_url_options,
  config.action_mailer.default_url_options,
  Rails.application.routes.default_url_options,
  Devise::Engine.routes.default_url_options,
  Devise::Engine.config.action_controller.default_url_options
].each do |config|
  # Rails.env.production? (with the question mark) is the predicate method.
  config[:protocol] = "http#{'s' if Rails.env.production?}"
end
In addition, you can override a variety of Devise controller methods by subclassing them. So if you identify the culprit method, you can either a) solve the root cause, or b) subclass the controller to use a workaround instead.

Rails app using force_ssl on entire site when it shouldn't

Something has changed in my environment and I don't know why. I use SSL only for logging in through my sessions controller, which was working.
force_ssl :only => [:signin] unless Rails.env.development?
After logging in, a user is redirected to the home page, which should not be HTTPS. Now everything is being forced to SSL. In my production.rb file I set force_ssl to false, which it should be by default, but that didn't resolve the problem.
I've also tried the solution posted here about using a protocol restraint in routes.rb which didn't work either.
Rails force ssl only on specified controllers
I've restarted nginx and unicorn several times but still forcing SSL. SSL is causing leafjs (map) not to work when my app tries to access its stylesheet and javascript from a remote location.
I could download them into my app but that wouldn't solve the forced_ssl problem.
My app is running on a DigitalOcean droplet, if that makes any difference.

Configuring SSL for an App Heroku HTTPS

Hello I am currently going through the tutorial below to add ssl to my heroku app
https://gist.github.com/shripadk/552554
so for today, I bought a domain name, set the cname to point to my heroku app
Currently my domain name is working.
I am trying to add ssl security feature to my app so secure.domainname.com works
Following the tutorial
heroku addons:add custom_domains:basic
I got an error
add ons not found
I can't find this add-on on Heroku as well, but I searched this command through Stack Overflow and it's supposed to exist?
I got the same error with this command
heroku addons:add ssl:hostname
but it also said add-ons not found; later I found this same add-on on Heroku, but it's with a different command.
This is the part that I don't get on the tutorial
After adding the ssl add on
This will add a $20/month (as of the time of this writing) fee to your Heroku bill for SSL.
VI: Setting up your DNS to work with Heroku Hostname SSL
You should receive an email from heroku within a few minutes of adding the ssl:hostname addon. You need to add a CNAME record to your DNS that points to the AWS host in the email you receive. This should be pretty self explanatory, but if you have any questions, search for 'adding a CNAME record' in Google and you'll see lots of good guides.
Test that 'host secure.yourdomain.com' outputs 'something.amazonaws.com'. If it does, you're all set.
You should now be able to go to 'https://secure.yourdomain.com' and not see any errors or security warnings.
What is going on behind the scenes
When a user visits your site using 'http://secure.yourdomain.com', they're hitting your GoDaddy CNAME record, which points to a 'something.amazonaws.com' address which effectively routes the request to Heroku's grid, and a secure connection gets established from there following the standard SSL handshake process.
I didn't get an email, neither does appname.herokussl.com exist?
Am I supposed to use Zerigo DNS for anything? It's mentioned once at the top of the tutorial but not anywhere else.
From reading the comments, someone got a problem with the end part as well.
Thanks!
I followed this tutorial for both heroku and for my own server setup and when trying to setup on heroku for the first time I did not do it correctly so I will explain some of the important steps when setting up ssl on heroku.
Use OpenSSL to generate a new self-signed certificate ('host.csr') using the host key we just created. This is what you'll be sending to GoDaddy to model your new SSL after.
At the step above make sure you fill in the information correctly and also make sure your common name matches your ssl certificate name.
2. Combine 'secure.yourdomain.com.crt' and 'host.key':
You will need to combine your SSL keys. If you're using GoDaddy there are 2 files included, named gd_bundle.crt and secure.yourdomain.com. During the tutorial you will generate about 5-6 files, of which you will only use 1.
Remove pass phrase from the public key certificate (required by Heroku)
In order for heroku to read your ssl cert you will need to remove all passwords on the certs so make sure the passwords are removed. There will be two files depending on how you have combined them with the extensions .pem and .key (The updated ones not the ones you started with).
You've most likely added the domain and subdomain so now through the command line run
heroku ssl:add ../ssl-cert/public.pem ../ssl-cert/private.key
Remember to get the path of the newly updated files. Also, when editing the files and copying over keys, make sure there are no white spaces in between keys. Let me know if this helps.
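The checks this answer lists before `heroku ssl:add` (pass phrase removed, certificate and key belong together, no stray whitespace in the files), as an added example that is not part of the original answer or the tutorial. The file names, the `KEY_PASS` variable and the sample pass phrase are assumptions, and `openssl pkey` is used here rather than whichever command the tutorial gives.

```shell
#!/bin/sh
# Added example: checks on a certificate/key pair before `heroku ssl:add`.
# All file names and the pass phrase below are constructed for the demo.

# True if the key file exists and is stored without a pass phrase.
key_is_unencrypted() {
  [ -r "$1" ] && ! grep -qE '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

# True if the certificate's public key is the one derived from the private key.
# "-passin pass:" makes openssl fail instead of prompting on an encrypted key.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if no line is blank or has leading/trailing whitespace (catches CRLF too).
pem_is_clean() {
  [ -r "$1" ] && ! grep -qE '^[[:space:]]*$|^[[:space:]]|[[:space:]]$' "$1"
}

# Write a pass-phrase-free copy of the key, readable only by its owner.
# The pass phrase is read from $KEY_PASS so it never appears in argv.
strip_passphrase() {
  ( umask 077 && openssl pkey -in "$1" -passin env:KEY_PASS -out "$2" 2>/dev/null )
}

# Constructed sample: encrypted throwaway key plus a self-signed certificate.
make_sample() {
  openssl genrsa -aes256 -passout env:KEY_PASS -out "$1/host.key" 2048 2>/dev/null &&
  openssl req -new -x509 -key "$1/host.key" -passin env:KEY_PASS -days 1 \
    -subj "/CN=secure.yourdomain.com" -out "$1/public.pem" 2>/dev/null
}

demo() {
  dir=$(mktemp -d) || return 1
  export KEY_PASS='constructed-demo-pass'
  make_sample "$dir" && strip_passphrase "$dir/host.key" "$dir/private.key" &&
    key_is_unencrypted "$dir/private.key" &&
    cert_matches_key "$dir/public.pem" "$dir/private.key" &&
    pem_is_clean "$dir/public.pem" && pem_is_clean "$dir/private.key" &&
    echo "pair is consistent and ready to upload"
  status=$?; rm -rf "$dir"; return $status
}
demo
```

The unencrypted key is what gets uploaded, so delete local copies once the upload succeeds and keep only the pass-phrase-protected original.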

Rails get production environment working with SSL on local machine

I am having trouble with my site with precompiled assets looking nothing like my site with assets served on-the-go. So I figured, I should try things out in production.
Here's the problem, when I do, I get:
!! Invalid request
in my terminal log and in my browser I see
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
The graphic designer is not amused at the mess that's up right now, and I'd love to be able to reproduce the problem. Any ideas on how to get past this SSL issue?
The only way that I've ever been able to get sites implementing SSL working on my development box in production mode has been to set up Apache in front of my rails server (Webrick, or whatever). This is kind of a pain to set up, but it works. You should be able to find a guide on how to set it up using your exact configuration with a quick search. Another option would be to enable SSL via a configuration file, instead of by environment, so you could simply disable it regardless of your current environment. This is assuming everything else is actually correct and working...
